Re: NSA enhancing Linux security?

From: Christopher Browne (cbbrowne_at_acm.org)
Date: 02/29/04


Date: 28 Feb 2004 23:04:56 GMT

Martha Stewart called it a Good Thing when Marc Schwartz <MSchwartz@mn.rr.com> wrote:
> Again, please...somebody verify my math.

The thing that would break your math would be if they had some fast
way of factoring public keys. The absence of such a thing is the
basis for RSA being considered "secure."

There is no straightforward way to prove that there is no fast way of
factoring the keys; if there was, we would probably know it by now.

And it's a hard sort of thing to prove; the converse is what would
likely be easy to prove. If you had a fast method to factor RSA keys,
then that would be the proof that RSA was insecure.

That's why PK using knapsack ciphers is considered insecure; a fast
method of cracking that was found.

It doesn't matter if your calculations are right or not; the point is
that they don't prove what you think they prove.

All they establish is that known brute-force attacks against RSA are
so slow that they are likely to be ineffective.

They don't prove the non-existence of some other "clever" attack that
does much better than brute force.

Finding "clever attacks" is what cryptanalysis is all about...

-- 
select 'cbbrowne' || '@' || 'ntlug.org';
http://www3.sympatico.ca/cbbrowne/languages.html
QT adds to  a Linux distribution a level  of licencing complexity that
nullifies one of the major  virtues of Linux: no licencing complexity.
-- <jedi@dementia.mishnet>
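
An added example, not part of the original post: it counts the work done by brute-force trial division and by Pollard's rho on the same toy modulus, to show why a brute-force time estimate says nothing about smarter methods. The modulus and the function names are constructed for this illustration, and the primes are far below real RSA sizes.

```python
from math import gcd

# Constructed sample modulus: product of two small primes (assumption, toy size).
P, Q = 1000003, 1000033
N = P * Q

def trial_division(n):
    """Brute force: test 2, then every odd candidate. Returns (factor, steps)."""
    if n % 2 == 0:
        return 2, 1
    d, steps = 3, 1
    while d * d <= n:
        steps += 1
        if n % d == 0:
            return d, steps
        d += 2
    return n, steps  # no divisor found: n is prime

def pollard_rho(n):
    """Pollard's rho with Floyd cycle detection. Returns (factor, steps)."""
    if n % 2 == 0:
        return 2, 1
    steps = 0
    for c in range(1, 20):  # try another polynomial x^2 + c if this one fails
        x = y = 2
        g = 1
        while g == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            g = gcd(abs(x - y), n)
            steps += 1
        if g != n:                       # non-trivial factor found
            return g, steps
    return n, steps  # gave up (n may be prime)

def compare(n=N):
    """Run both methods on n and return their (factor, steps) pairs."""
    return {"trial": trial_division(n), "rho": pollard_rho(n)}

if __name__ == "__main__":
    for name, (factor, steps) in compare().items():
        print(f"{name:5s} factor={factor} steps={steps}")
```

Trial division needs on the order of p steps while rho needs on the order of the square root of p, so the gap widens as the primes grow; neither result bounds what a better algorithm could do.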

